Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: cybercrime/malcode

At the recent RSA Conference it was virtually impossible to find a vendor that was not claiming to use machine learning. Both new and established companies are now touting “machine learning” as a major component of the data science being used in their products. What the heck is machine learning anyway? And is it really going to reshape cyber security in 2016?

For brevity’s sake, I’ll define machine learning as the science of getting computers to act without being explicitly programmed. Over the past decade, machine learning has enabled self-driving cars, practical speech recognition, effective web search, and has vastly improved our understanding of the human genome. Machine learning is so pervasive today that we use it dozens of times a day without knowing it. Many researchers also think machine learning is the best way to make progress towards human-level Artificial Intelligence.

[ MORE MACHINE LEARNING: Machine learning: Cybersecurity dream-come-true or pipe dream? ].

Read more

FBI — You have a connected car/ self driving car in the US; be careful because the hackers are coming.

That’s why the U.S. National Highway Traffic Safety Administration (NHTSA) and Federal Bureau of Investigation issued a bulletin warning about the increasing vulnerability of motor vehicles to hacking.

The FBI warns drivers to ensure their car’s software is up to date, to be careful making unauthorized modifications to their car’s software and when connecting to third-party devices, and be wary of who has physical access to their vehicle. Instead it’s meant to educate the public after a series of publicly known hacks of cars in 2015, including a Jeep intentionally hijacked by researchers while driving down the highway.

If there is one part that sticks out, it’s that last sentence, asking drivers “to maintain awareness of potential issues and cybersecurity threats” in their cars.

Read more

This is interesting; especially for us who have been engaged in the Cyber Security Warfare for a while. In the 90’s, the top hackers at the time got much of their training out of a known network ring of hackers in Denmark. In fact, they had an underground monthly magazine I believe it was called “Hacker 77” or something like that. Anyway, now Demark is setting up an academy to teach others to combat hackers.

The Danish security and intelligence service PET has announced plans to recruit talented IT nerds interested in helping the Danish state with its cyber espionage against foreign powers like terrorist organisations.

The agency has today launched a marketing campaign for what the media is calling a “hackers’ academy” with the slogan: “Have you got what it takes to become a member of a secret elite unit?”

READ MORE: Cyber warfare heats up.

Read more

The legendary hacker George Hotz, known by his nom de guerre “geohot,” who first came to public attention by hacking Apple’s (AAPL) first iPhone, spoke this morning at the South by Southwest conference about taking on Tesla’s (TSLA) self-driving car initiatives with his own garage efforts, a talk titled “I built a better self-driving car than Tesla.”

By the end of the talk, it was clear he had numerous targets, including Alphabet’s (GOOGL) self-driving car efforts, despite mighty respect for the search giant.

Hotz’s achievement, rigging up home made parts to an Acura ILX to make it self-driving, first came to prominence with an article in mid-December by Bloomberg’s Ashlee Vance.

Read more

Nice concept; however, given the recent warnings for 2016; I hope that IDC and others are not overwhelmed as well as able to meet their client’s expectations. My concern is expectations by policy holders as well as leaders operating in a mode of false sense of security and ignoring warnings that they would have focused on closely without the insurance.

New report offers insight into some of the tools and models available today to help insurers expand into this emerging market, balance their risk portfolios, and maintain a positive outlook

FRAMINGHAM, Mass., March 15, 2016 – Increased digitization and interconnectivity have catapulted the risk of cyber threats as one of the top global perils of 2016 and beyond. To combat this risk, many companies will look to insurance as a critical risk management technique that complements improved cyber security measures. IDC Financial Insights outlines the tremendous opportunities for insurers to capitalize on this largely untapped market in a new report, Perspective: Cyber Insurance — Can Technology Help Insurers Overcome Their Skepticism? (Doc #EMEA41044816), and emphasizes some of the tools and models that can help insurers effectively penetrate the emerging market while balancing their risk portfolios.

Read more

Very concerning: 72% of all India companies were hacked in 2015. How many were hosting consumer and business data for non-Indian companies say US or European companies?

According to KPMG’s, Cyber Crime Survey Report 2015, around 72 per cent of the companies in India have faced cyber-attacks in the year 2015. In India a spate of cyber security issues have been witnessed like the Gaana.com or Ola Cabs apps being hacked. Such issues have raised the alarm for the whole enterprise community. And it doesn’t seem to be stopping here. According to a report from McAfee Labs, the number of cyber attacks where malware holds user data hostage is expected to grow in 2016 as hackers target more companies and advanced software is able to compromise more types of data. In many cases the objective would be financial gain or corporate espionage, either ways, resulting in heavy losses for the enterprise.

Today, no single new age enterprise is immune to cyber threats. The humongous amount of information popping out of various social and mobile platforms continues to add to organizations’ vulnerabilities, making them attractive targets for complex cyber crimes.

For today’s digital businesses, a lot of value is tied to data and any loss to it can put their whole reputation at stake. Hence more and more companies are finding themselves terrorized by cyber threat agents who are looking for new, sophisticated routes to gain access to confidential business data. Burgess Cooper, Partner, Information & Cyber Security Advisory Services, EY, points out, “Technology is increasing a company’s vulnerability to be attacked through increased online presence, broader use of social media, mass adoption of mobile devices, increased usage of cloud services and the collection/analysis of big data.”

Read more

So does this mean war?

Sen. Chuck Schumer (D – N.Y.) said that an Iranian cyber-attack on a dam near New York City was a “shot across the bow” of the United States, which should be answered with harsher sanctions, the Associated Press reported on Friday.

“Now it looks clear that the Iranians did it,” Schumer said during an appearance on Long Island. “What were they doing? They were sending a shot across our bow. They were saying that we can damage, seriously damage, our critical infrastructure and put the lives and property of people at risk.”

The breach in the dam’s control system was first reported in December of last year, and Schumer indicated that there would a federal indictment in the case as early as April. The congressman added that the breach suggested that Iranian hackers possibly posed even greater threats. “Hackers can come in, as these Iranian hackers did, and hurt our critical infrastructure,” he observed. “What if they open the sluice gates of a dam with a whole lot of people behind it? What if they shut off the power for a large part of the area?”

Read more

To me; it’s all common sense. If you step back look at the technology landscape as a whole along with AI; you start to see the barriers that truly spolights where we have way too much hype around AI.

Example, hacking. If we had truly advance AI at the level that it has been promoted; wouldn’t make sense that researchers would want to solve the $120 billion dollar money pit issue around Cyber Security and make billions to throw at their emerging AI tech plus ensure their AI investment wouldn’t incur pushback by consumers due to lack of trust that AI would not be hacked? So, I usually tread litely on over hype technologies.

I do see great possiblities and seen some amazing things and promise from Quantum Computing; however, we will not truly realize its impact and full potential until another 7 years; I will admit I see more promise with it than the existing AI landscape that is built off of existing traditional digital technology that has been proven to be broken by hackers.

Do you “believe” in AI?

Read more

EU Justice Ministers Claims Cyber Attackers are terrorists. I wouldn’t say all of them are terrorists. Those who attack hospitals, attack government infrastructures, threaten markets, etc, are terrorists. The next door neighbor’s 13 yr old kid hacking to use your wireless internet service; not a terrorist.

European Union justice ministers on March 11th adopted a general approach on the directive on combatting terrorism, including serious cyber crimes, informs LETA/BNS.

On Friday the council greed its negotiating position on the proposal for a directive on combatting terrorism. The proposed directive strengthens the EU’s legal framework in preventing terrorist attacks by criminalising preparatory acts such as training and travel abroad for terrorist purposes – hence addressing the issue of foreign fighters – as well as aiding and abetting, inciting or attempting such acts. It also reinforce rules on the rights for the victims of terrorism, the Ministry of Justice said.

Estonian Justice Minister Urmas Reinsalu said in a speech at the Justice and Home Affairs Council that for Estonia it is very important that justice ministers were able to agree on defining serious terrorist cyber attacks as terrorist crimes. This gives the EU additional legal tools in such situations as the cyber attacks that followed the so-called Bronze Night riots that took place in Tallinn in April 2007, he added.

Read more

Barclay Simpson, a leading Corporate Governance recruitment consultancy, has released its annual Security & Resilience market report which suggests that demand continues to rise for cyber security skills as an arms race develops between cyber criminals and those looking to secure systems and data from increasingly complex cyber attacks. With increased prominence and board attention, 68% of managers do not believe their security departments are sufficiently resourced given the demands that are made on them (down from 76%) whilst 69% have recruited or attempted to recruit in the last 6 months.

Read more